Commit graph

74 commits

Author SHA1 Message Date
Matt Caswell
75862f7741 Sanity check the return from final_finish_mac
The return value is checked for 0. This is currently safe but we should
really check for <= 0 since -1 is frequently used for error conditions.
Thanks to Kevin Wojtysiak (Int3 Solutions) and Paramjot Oberoi (Int3
Solutions) for reporting this issue.

Reviewed-by: Andy Polyakov <appro@openssl.org>
(cherry picked from commit c427570e50)

Conflicts:
	ssl/ssl_locl.h
2015-04-30 23:21:53 +01:00
Matt Caswell
ae5c8664e5 Run util/openssl-format-source -v -c .
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-22 09:31:38 +00:00
Matt Caswell
65a6a1ff45 indent has problems with comments that are on the right hand side of a line.
Sometimes it fails to format them very well, and sometimes it corrupts them!
This commit moves some particularly problematic ones.

Conflicts:
	crypto/bn/bn.h
	crypto/ec/ec_lcl.h
	crypto/rsa/rsa.h
	demos/engines/ibmca/hw_ibmca.c
	ssl/ssl.h
	ssl/ssl3.h

Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-22 09:26:44 +00:00
Matt Caswell
e19d4a99b8 Further comment amendments to preserve formatting prior to source reformat
(cherry picked from commit 4a7fa26ffd65bf36beb8d1cb8f29fc0ae203f5c5)

Conflicts:
	crypto/x509v3/pcy_tree.c

Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-22 09:23:50 +00:00
Tim Hudson
6977c7e2ba mark all block comments that need format preserving so that
indent will not alter them when reformatting comments

(cherry picked from commit 1d97c84351)

Conflicts:
	crypto/bn/bn_lcl.h
	crypto/bn/bn_prime.c
	crypto/engine/eng_all.c
	crypto/rc4/rc4_utl.c
	crypto/sha/sha.h
	ssl/kssl.c
	ssl/t1_lib.c

Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-22 09:23:04 +00:00
Dr. Stephen Henson
cf95b2d66a Remove MS SGC
MS Server gated cryptography is obsolete and dates from the time of export
restrictions on strong encryption and is only used by ancient versions of
MSIE.
Reviewed-by: Matt Caswell <matt@openssl.org>

(cherry picked from commit 63eab8a620)
2015-01-02 23:01:38 +00:00
Richard Levitte
67a0ea702b [PR3597] Advance to the next state variant when reusing messages.
Previously, state variant was not advanced, which resulted in state
being stuck in the st1 variant (usually "_A").

This broke certificate callback retry logic when accepting connections
that were using SSLv2 ClientHello (hence reusing the message), because
their state never advanced to SSL3_ST_SR_CLNT_HELLO_C variant required
for the retry code path.

Reported by Yichun Zhang (agentzh).

Signed-off-by: Piotr Sikora <piotr@cloudflare.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2014-11-28 23:31:28 +01:00
Dr. Stephen Henson
2f972419a3 Add fix for CVE-2013-4353 2014-01-07 15:41:11 +00:00
Dr. Stephen Henson
a32ba49352 Check EVP errors for handshake digests.
Partial mitigation of PR#3200
(cherry picked from commit 0294b2be5f)
2013-12-18 13:27:15 +00:00
Dr. Stephen Henson
741c9959f6 DTLS revision.
Revise DTLS code. There was a *lot* of code duplication in the
DTLS code that generates records. This makes it harder to maintain and
sometimes a TLS update is omitted by accident from the DTLS code.

Specifically almost all of the record generation functions have code like
this:

some_pointer = buffer + HANDSHAKE_HEADER_LENGTH;
... Record creation stuff ...
set_handshake_header(ssl, SSL_MT_SOMETHING, message_len);

...

write_handshake_message(ssl);

Where the "Record creation stuff" is identical between SSL/TLS and DTLS or
in some cases has very minor differences.

By adding a few fields to SSL3_ENC to include the header length, some flags
and function pointers for handshake header setting and handshake writing the
code can cope with both cases.

(cherry picked from commit 173e72e64c)
2013-09-18 13:46:02 +01:00
Ben Laurie
f5cd3561ba Add and use a constant-time memcmp.
This change adds CRYPTO_memcmp, which compares two vectors of bytes in
an amount of time that's independent of their contents. It also changes
several MAC compares in the code to use this over the standard memcmp,
which may leak information about the size of a matching prefix.
(cherry picked from commit 2ee798880a)
2013-02-06 13:56:12 +00:00
Dr. Stephen Henson
8eb4456f93 Make whitespace consistent with master branch. 2013-01-15 15:55:54 +00:00
Ben Laurie
68d2cf51bc Reduce version skew: trivia (I hope). 2012-06-03 22:03:37 +00:00
Dr. Stephen Henson
b583ebb7dd recognise X9.42 DH certificates on servers 2012-04-18 17:03:45 +00:00
Dr. Stephen Henson
7e65b21a24 Backport: Revise ssl code to use CERT_PKEY structure when outputting a certificate chain (from HEAD) 2012-04-06 12:00:24 +00:00
Dr. Stephen Henson
736d69750d Backport: tidy/enhance certificate chain output code (from HEAD) 2012-04-06 11:58:17 +00:00
Dr. Stephen Henson
0ffa49970b Backport support for fixed DH ciphersuites (from HEAD) 2012-04-06 11:33:12 +00:00
Ben Laurie
68b33cc5c7 Add Next Protocol Negotiation. 2011-11-13 21:55:42 +00:00
Dr. Stephen Henson
7b52778eff PR: 1731 and maybe 2197
Clear error queue in a few places in SSL code where errors are expected
so they don't stay in the queue.
2010-03-24 23:16:49 +00:00
Dr. Stephen Henson
bc9058d041 First cut of renegotiation extension. (port to 1.0.0-stable) 2009-11-09 18:45:42 +00:00
Dr. Stephen Henson
f18e10253d PR: 2022
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Approved by: steve@openssl.org

Fix DTLS record header length bug.
2009-09-02 12:53:32 +00:00
Dr. Stephen Henson
5135d6b985 Fix error codes and indentation. 2009-07-15 11:32:58 +00:00
Dr. Stephen Henson
dbb834ffeb Update from 0.9.8-stable. 2009-06-28 16:24:11 +00:00
Geoff Thorpe
99649b5990 Fix signed/unsigned warning. 2008-08-05 17:48:02 +00:00
Bodo Möller
474b3b1cc8 Fix error codes for memory-saving patch.
Also, get rid of compile-time switch OPENSSL_NO_RELEASE_BUFFERS
because it was rather pointless (the new behavior has to be explicitly
requested by setting SSL_MODE_RELEASE_BUFFERS anyway).
2008-08-04 22:10:38 +00:00
Ben Laurie
8671b89860 Memory saving patch. 2008-06-03 02:48:34 +00:00
Dr. Stephen Henson
81025661a9 Update ssl code to support digests other than MD5+SHA1 in handshake.
Submitted by: Victor B. Wagner <vitus@cryptocom.ru>
2007-08-31 12:42:53 +00:00
Andy Polyakov
a4d64c7f49 Align data payload for better performance. 2006-10-20 11:26:00 +00:00
Dr. Stephen Henson
566dda07ba New option SSL_OP_NO_COMP to disable compression. New ctrls to set
maximum send fragment size. Allocate I/O buffers accordingly.
2005-10-08 00:18:53 +00:00
Ben Laurie
36d16f8ee0 Add DTLS support. 2005-04-26 16:02:40 +00:00
Nils Larsch
6049399baf get rid of very buggy and very imcomplete DH cert support
Reviewed by: Bodo Moeller
2005-04-07 23:19:17 +00:00
Dr. Stephen Henson
cf56663fb7 Option to disable SSL auto chain build 2003-02-12 17:06:02 +00:00
Ben Laurie
54a656ef08 Security fixes brought forward from 0.9.7. 2002-11-13 15:43:43 +00:00
Bodo Möller
aa1e56b0b9 remove comment
Submitted by: Douglas Stebila
2002-08-12 08:54:40 +00:00
Bodo Möller
5488bb6197 get rid of EVP_PKEY_ECDSA (now we have EVP_PKEY_EC instead)
Submitted by: Nils Larsch
2002-08-12 08:47:41 +00:00
Bodo Möller
ea26226046 ECC ciphersuite support
Submitted by: Douglas Stebila <douglas.stebila@sun.com>
(Authors: Vipul Gupta and Sumit Gupta, Sun Microsystems Laboratories)
2002-08-09 08:56:08 +00:00
Lutz Jänicke
7b63c0fa8c Reorder inclusion of header files:
des_old.h redefines crypt:
#define crypt(b,s)\
        DES_crypt((b),(s))

This scheme leads to failure, if header files with the OS's true definition
of crypt() are processed _after_ des_old.h was processed. This is e.g. the
case on HP-UX with unistd.h.
As evp.h now again includes des.h (which includes des_old.h), this problem
only came up after this modification.
Solution: move header files (indirectly) including e_os.h before the header
files (indirectly) including evp.h.
Submitted by:
Reviewed by:
PR:
2002-07-10 07:01:54 +00:00
Bodo Möller
82b0bf0b87 Implement known-IV countermeasure.
Fix length checks in ssl3_get_client_hello().

Use s->s3->in_read_app_data differently to fix ssl3_read_internal().
2002-04-13 22:47:20 +00:00
Lutz Jänicke
11c26ecf81 Map new X509 verification errors to alert codes (Tom Wu <tom@arcot.com>). 2002-03-19 16:42:09 +00:00
Bodo Möller
cf3a5cebd7 Call msg_callback with correct length parameter if ssl3_write_bytes had to
be called multiple times
2001-10-20 18:56:01 +00:00
Bodo Möller
a661b65357 New functions SSL[_CTX]_set_msg_callback().
New macros SSL[_CTX]_set_msg_callback_arg().

Message callback imlementation for SSL 3.0/TLS 1.0 (no SSL 2.0 yet).

New '-msg' option for 'openssl s_client' and 'openssl s_server'
that enable a message callback that displays all protocol messages.


In ssl3_get_client_hello (ssl/s3_srvr.c), generate a fatal alert if
client_version is smaller than the protocol version in use.
Also change ssl23_get_client_hello (ssl/s23_srvr.c) to select TLS 1.0
if the client demanded SSL 3.0 but only TLS 1.0 is enabled; then the
client will at least see that alert.

Fix SSL[_CTX]_ctrl prototype (void * instead of char * for generic
pointer).

Add/update some OpenSSL copyright notices.
2001-10-20 17:56:36 +00:00
Bodo Möller
bf21446a2a Add per-SSL 'msg_callback' with 'msg_callback_arg'.
Both have per-SSL_CTX defaults.
These new values can be set by calling SSL[_CTX]_[callback_]ctrl
with codes SSL_CTRL_SET_MSG_CALLBACK and SSL_CTRL_SET_MSG_CALLBACK_ARG.

So far, the callback is never actually called.


Also rearrange some SSL_CTX struct members (some exist just in
SSL_CTXs, others are defaults for SSLs and are either copied
during SSL_new, or used if the value in the SSL is not set;
these three classes of members were not in a logical order),
and add some missing assignments to SSL_dup.
2001-10-16 13:09:24 +00:00
Bodo Möller
8f71fb8d98 For consistency, set s->init_num in the 'reuse_message' case
(if s23_srvr.c faked the message, s->init_num is 0).
2001-10-15 20:16:36 +00:00
Bodo Möller
48948d53b6 Change ssl3_get_message and the functions using it so that complete
'Handshake' protocol structures are kept in memory, including
'msg_type' and 'length'.

(This is in preparation of future support for callbacks that get to
peek at handshake messages and the like.)
2001-10-15 19:49:25 +00:00
Bodo Möller
2ce15df528 Fix ssl3_get_message handle message fragmentation correctly. 2001-10-15 17:41:41 +00:00
Bodo Möller
3b0b5abae3 bugfix: handle HelloRequest received during handshake correctly 2001-09-21 11:18:40 +00:00
Geoff Thorpe
79aa04ef27 Make the necessary changes to work with the recent "ex_data" overhaul.
See the commit log message for that for more information.

NB: X509_STORE_CTX's use of "ex_data" support was actually misimplemented
(initialisation by "memset" won't/can't/doesn't work). This fixes that but
requires that X509_STORE_CTX_init() be able to handle errors - so its
prototype has been changed to return 'int' rather than 'void'. All uses of
that function throughout the source code have been tracked down and
adjusted.
2001-09-01 20:02:13 +00:00
Dr. Stephen Henson
b545dc6775 Initial CRL based revocation checking. 2001-05-07 22:52:50 +00:00
Richard Levitte
bc36ee6227 Use new-style system-id macros everywhere possible. I hope I haven't
missed any.

This compiles and runs on Linux, and external applications have no
problems with it.  The definite test will be to build this on VMS.
2001-02-20 08:13:47 +00:00
Bodo Möller
5a4fbc69c3 First step towards SSL_peek fix. 2000-12-14 17:36:59 +00:00